The federal government just codified the threat model Bitcoin developers have been building against since February.
Key takeaways
President Trump signed "Securing the Nation Against Advanced Cryptographic Attacks" on June 22, 2026, ordering federal agencies to complete post-quantum cryptography (PQC) migration for key establishment by Dec. 31, 2030 and for digital signatures by Dec. 31, 2031. The order names the threat explicitly: "adversaries collecting United States information now, and decrypting it later once large-scale quantum computers are operational." That is the harvest-now, decrypt-later attack vector. The government is no longer treating it as theoretical.
A companion executive order signed the same day establishes a federal quantum computing research and development initiative, per the White House. IBM CEO Arvind Krishna was present at the signing. The administration is accelerating on both the offensive and defensive sides of the quantum equation simultaneously.
The EO assigns hard deadlines at every level of the federal apparatus.
Agency heads must name a PQC migration lead within 30 days. The Office of Management and Budget has 90 days to issue guidance in coordination with CISA and the National Cyber Director. NIST must complete a pilot migration project on its own systems by Dec. 31, 2027, giving the broader government a working reference implementation before the main deadlines hit.
The procurement lever matters most for private infrastructure. The Federal Acquisition Regulatory Council has 180 days to publish a proposed rule requiring covered contractors to meet NIST PQC standards by Dec. 31, 2030. That rulemaking will eventually reach payment rails, regulated custodians, and compliance-adjacent Bitcoin infrastructure. It is a back-door upgrade mandate for any firm touching federal systems.
The standards being mandated are already final. NIST published FIPS 203, 204, and 205 in August 2024. The EO does not create new standards; it puts enforcement teeth on ones that have existed for nearly two years.
The cypherpunk paranoia that built Bitcoin did not wait for a presidential directive.
BIP-360, introducing a quantum-resistant P2MR (pay-to-Merkle-root) address type, merged into Bitcoin's official BIPs repository in February 2026. BIP-361, a three-phase proposal for post-quantum migration and a legacy signature sunset, followed in April 2026. Both proposals build on the same NIST-approved PQC primitives the federal government is now mandating. The post-quantum migration work has been live in the developer community for months.
That progress is real. The risk is also real.
Approximately 34% of all BTC supply sits in quantum-vulnerable address types today, per data cited in BIP-361 as of March 1, 2026. That includes an estimated 1.7 million BTC in ancient P2PK addresses, a portion of which is widely attributed to Satoshi. Bitcoin's proof-of-work (SHA-256) is not the vulnerability here; the threat is to ECDSA wallet signatures, specifically coins in address types that expose public keys on-chain. Every exposed public key ever broadcast to the Bitcoin network is already harvestable. The ledger is permanent and public.
The hardest unresolved debate is whether Bitcoin's protocol should eventually freeze quantum-vulnerable legacy coins. The BIP-361 mechanism is contested. The EO adds external pressure to resolve it: the U.S. government is migrating its own systems by 2030. Bitcoin's developer community now has a concrete external benchmark, and it is not a generous one.
TFTC's thesis: the EO is validation, not threat. Bitcoin developers identified this attack surface and started building before the federal government formalized the policy. The NIST standards are shared. The tooling is converging. The government is playing catch-up to a threat Bitcoin's protocol community acted on first.
The trigger that flips the thesis: BIP-360 fails to reach activation signal within the next 18 months, or the BIP-361 debate over coin-freezing collapses into sustained gridlock. At that point, the government's 2030 deadline will have lapped a leaderless protocol, and Bitcoin's conservatism becomes inertia.
The 180-day contractor rulemaking is the near-term pressure point. Watch for OMB guidance in the next 90 days, which will define what "high-value assets" and "high-impact systems" mean in practice and signal how broadly the mandate will propagate into private infrastructure. On the Bitcoin side, watch for BIP-360 activation signaling and any formal developer consensus on BIP-361's legacy address provisions. The Google ECDSA research that cut the qubit estimate for an ECDSA attack continues to tighten the timeline from the other direction. Bitcoin developers have been building quantum defenses for years; the question now is whether the governance process can match the pace of the threat.
No, not directly. The EO applies to federal agencies, their contractors, and critical infrastructure operators. But the 2030 deadline is set against the same threat model Bitcoin developers are addressing with BIP-360 and BIP-361, and the contractor rulemaking could eventually reach regulated custodians, exchanges, and payment infrastructure that interface with federal systems.
Yes, for all practical purposes. Bitcoin's proof-of-work relies on SHA-256 hashing, which would require an implausible number of qubits to meaningfully attack with quantum hardware. The real quantum vulnerability in Bitcoin is ECDSA wallet signatures, specifically address types that expose public keys on-chain, such as P2PK addresses and any address from which coins have already been spent.
Check whether your coins are in quantum-vulnerable address types. If you are using modern wallet software generating P2WPKH or P2TR addresses that have not been reused, you are not the immediate concern. If you have coins sitting in old P2PK addresses or addresses from which you have previously spent, those public keys are already on-chain and harvestable. Move to fresh, modern addresses in self-custody. Monitor BIP-360 activation progress. Do not leave coins on exchanges.
